An Application of the MILS Approach to Secure Information Sharing

Rance DeLong (LynuxWorks, San Jose CA), David Hanz (SRI) and John Rushby (SRI)

Sadly, Dave Hanz died in April 2020. We dedicate this paper to his memory.

This paper was rejected by ACSAC 2010, but we think it worth making available.


MILS is an approach to the design of secure systems that supports modularity. MILS protection profiles encourage development of a COTS marketplace for trusted components, and the MILS principles for compositional assurance then allow assurance for the full system largely to be derived from that of its components. We illustrate the MILS principles for secure systems design and assurance through an example in which they are applied to a real system being developed to support military training in coalition operations.

